<?php

/**
 * Routines for XRI resolution.
 *
 * @package OpenID
 * @author JanRain, Inc. <openid@janrain.com>
 * @copyright 2005-2008 Janrain, Inc.
 * @license http://www.apache.org/licenses/LICENSE-2.0 Apache
 */

// Do not allow direct access
defined( '_JEXEC' ) or die( 'Restricted access' );

require_once 'Auth/Yadis/Misc.php';
require_once 'Auth/Yadis/Yadis.php';
require_once 'Auth/OpenID.php';

function Auth_Yadis_getDefaultProxy()
{
	return 'http://xri.net/';
}

function Auth_Yadis_getXRIAuthorities()
{
	return array('!', '=', '@', '+', '$', '(');
}

function Auth_Yadis_getEscapeRE()
{
	$parts = array();
	foreach (array_merge(Auth_Yadis_getUCSChars(),
						 Auth_Yadis_getIPrivateChars()) as $pair) {
		list($m, $n) = $pair;
		$parts[] = sprintf("%s-%s", chr($m), chr($n));
	}

	return sprintf('/[%s]/', implode('', $parts));
}

function Auth_Yadis_getXrefRE()
{
	return '/\((.*?)\)/';
}

function Auth_Yadis_identifierScheme($identifier)
{
	if (Auth_Yadis_startswith($identifier, 'xri://') ||
		($identifier &&
		  in_array($identifier[0], Auth_Yadis_getXRIAuthorities()))) {
		return "XRI";
	} else {
		return "URI";
	}
}

function Auth_Yadis_toIRINormal($xri)
{
	if (!Auth_Yadis_startswith($xri, 'xri://')) {
		$xri = 'xri://' . $xri;
	}

	return Auth_Yadis_escapeForIRI($xri);
}

function _escape_xref($xref_match)
{
	$xref = $xref_match[0];
	$xref = str_replace('/', '%2F', $xref);
	$xref = str_replace('?', '%3F', $xref);
	$xref = str_replace('#', '%23', $xref);
	return $xref;
}

function Auth_Yadis_escapeForIRI($xri)
{
	$xri = str_replace('%', '%25', $xri);
	$xri = preg_replace_callback(Auth_Yadis_getXrefRE(),
								 '_escape_xref', $xri);
	return $xri;
}

function Auth_Yadis_toURINormal($xri)
{
	return Auth_Yadis_iriToURI(Auth_Yadis_toIRINormal($xri));
}

function Auth_Yadis_iriToURI($iri)
{
	if (1) {
		return $iri;
	} else {
		// According to RFC 3987, section 3.1, "Mapping of IRIs to URIs"
		return preg_replace_callback(Auth_Yadis_getEscapeRE(),
									 'Auth_Yadis_pct_escape_unicode', $iri);
	}
}


function Auth_Yadis_XRIAppendArgs($url, $args)
{
	// Append some arguments to an HTTP query.  Yes, this is just like
	// OpenID's appendArgs, but with special seasoning for XRI
	// queries.

	if (count($args) == 0) {
		return $url;
	}

	// Non-empty array; if it is an array of arrays, use multisort;
	// otherwise use sort.
	if (array_key_exists(0, $args) &&
		is_array($args[0])) {
		// Do nothing here.
	} else {
		$keys = array_keys($args);
		sort($keys);
		$new_args = array();
		foreach ($keys as $key) {
			$new_args[] = array($key, $args[$key]);
		}
		$args = $new_args;
	}

	// According to XRI Resolution section "QXRI query parameters":
	//
	// "If the original QXRI had a null query component (only a
	//  leading question mark), or a query component consisting of
	//  only question marks, one additional leading question mark MUST
	//  be added when adding any XRI resolution parameters."
	if (strpos(rtrim($url, '?'), '?') !== false) {
		$sep = '&';
	} else {
		$sep = '?';
	}

	return $url . $sep . Auth_OpenID::httpBuildQuery($args);
}

function Auth_Yadis_providerIsAuthoritative($providerID, $canonicalID)
{
	$lastbang = strrpos($canonicalID, '!');
	$p = substr($canonicalID, 0, $lastbang);
	return $p == $providerID;
}

function Auth_Yadis_rootAuthority($xri)
{
	// Return the root authority for an XRI.

	$root = null;

	if (Auth_Yadis_startswith($xri, 'xri://')) {
		$xri = substr($xri, 6);
	}

	$authority = explode('/', $xri, 2);
	$authority = $authority[0];
	if ($authority[0] == '(') {
		// Cross-reference.
		// XXX: This is incorrect if someone nests cross-references so
		//   there is another close-paren in there.  Hopefully nobody
		//   does that before we have a real xriparse function.
		//   Hopefully nobody does that *ever*.
		$root = substr($authority, 0, strpos($authority, ')') + 1);
	} else if (in_array($authority[0], Auth_Yadis_getXRIAuthorities())) {
		// Other XRI reference.
		$root = $authority[0];
	} else {
		// IRI reference.
		$_segments = explode("!", $authority);
		$segments = array();
		foreach ($_segments as $s) {
			$segments = array_merge($segments, explode("*", $s));
		}
		$root = $segments[0];
	}

	return Auth_Yadis_XRI($root);
}

function Auth_Yadis_XRI($xri)
{
	if (!Auth_Yadis_startswith($xri, 'xri://')) {
		$xri = 'xri://' . $xri;
	}
	return $xri;
}

function Auth_Yadis_getCanonicalID($iname, $xrds)
{
	// Returns false or a canonical ID value.

	// Now nodes are in reverse order.
	$xrd_list = array_reverse($xrds->allXrdNodes);
	$parser =& $xrds->parser;
	$node = $xrd_list[0];

	$canonicalID_nodes = $parser->evalXPath('xrd:CanonicalID', $node);

	if (!$canonicalID_nodes) {
		return false;
	}

	$canonicalID = $canonicalID_nodes[0];
	$canonicalID = Auth_Yadis_XRI($parser->content($canonicalID));

	$childID = $canonicalID;

	for ($i = 1; $i < count($xrd_list); $i++) {
		$xrd = $xrd_list[$i];

		$parent_sought = substr($childID, 0, strrpos($childID, '!'));
		$parentCID = $parser->evalXPath('xrd:CanonicalID', $xrd);
		if (!$parentCID) {
			return false;
		}
		$parentCID = Auth_Yadis_XRI($parser->content($parentCID[0]));

		if (strcasecmp($parent_sought, $parentCID)) {
			// raise XRDSFraud.
			return false;
		}

		$childID = $parent_sought;
	}

	$root = Auth_Yadis_rootAuthority($iname);
	if (!Auth_Yadis_providerIsAuthoritative($root, $childID)) {
		// raise XRDSFraud.
		return false;
	}

	return $canonicalID;
}

?>
